btrbk role

deploy.yml

@@ -75,6 +75,7 @@
     users:
       - rilla
       - ansible
+      - btrbk
       - builder
       - gopass
       - woodpecker
@@ -110,6 +111,14 @@
   roles:
     - wifi
 
+- name: btrbk
+  hosts:
+    - narwhal
+    - suricata
+  become: true
+  roles:
+    - btrbk
+
 - name: caladan-specific things
   hosts: caladan
   become: true

hosts.yml

@@ -76,49 +76,49 @@ all:
         - src: "/dev/mapper/disk0"
           path: "/mnt/btr_pool"
           fstype: "btrfs"
-          opts: "subvolid=5,noatime"
+          opts: "subvolid=5,noatime,compress=zstd"
           passno: "0"
 
         - src: "/dev/mapper/disk0"
           path: "/var/log"
           fstype: "btrfs"
-          opts: "subvol=logs,noatime"
+          opts: "subvol=logs,noatime,compress=zstd"
           passno: "0"
 
         - src: "/dev/mapper/disk0"
           path: "/home"
           fstype: "btrfs"
-          opts: "subvol=home,noatime"
+          opts: "subvol=home,noatime,compress=zstd"
           passno: "0"
 
         - src: "/dev/mapper/disk0"
           path: "/opt"
           fstype: "btrfs"
-          opts: "subvol=opt,noatime"
+          opts: "subvol=opt,noatime,compress=zstd"
           passno: "0"
 
         - src: "/dev/mapper/disk0"
           path: "/var/lib/builder/src"
           fstype: "btrfs"
-          opts: "subvol=src,noatime"
+          opts: "subvol=src,noatime,compress=zstd"
           passno: "0"
 
         - src: "/dev/mapper/disk0"
           path: "/etc/rancher"
           fstype: "btrfs"
-          opts: "subvol=rancher_config,noatime"
+          opts: "subvol=rancher_config,noatime,compress=zstd"
           passno: "0"
 
         - src: "/dev/mapper/disk0"
           path: "/var/lib/rancher"
           fstype: "btrfs"
-          opts: "subvol=rancher_data,noatime"
+          opts: "subvol=rancher_data,noatime,compress=zstd"
           passno: "0"
 
         - src: "/dev/mapper/disk0"
           path: "/var/lib/containers"
           fstype: "btrfs"
-          opts: "subvol=containers,noatime"
+          opts: "subvol=containers,noatime,compress=zstd"
           passno: "0"
 
       rpi_cfg:

roles/btrbk/tasks/alpine.yml

@@ -0,0 +1,7 @@
+---
+- name: install packages
+  apk:
+    name:
+      - btrbk
+      - coreutils  # needed by btrbk
+      - btrfs-progs

roles/btrbk/tasks/debian.yml

@@ -0,0 +1,6 @@
+---
+- name: install packages
+  apt:
+    name:
+      - btrbk
+      - btrfs-progs

roles/btrbk/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+- name: alpine setup
+  include_tasks: alpine.yml
+  when: ansible_distribution == "Alpine"
+
+- name: debian/ubuntu setup
+  include_tasks: debian.yml
+  when: ansible_distribution in ["Debian", "Ubuntu"]
+
+- name: copy btrbk config
+  copy:
+    src: "host_files/btrbk/{{ ansible_hostname }}/btrbk.conf"
+    dest: /etc/btrbk/btrbk.conf

roles/cryptoraid/tasks/alpine.yml

@@ -2,8 +2,6 @@
 - name: install packages
   apk:
     name:
-      - btrbk
-      - coreutils  # needed by btrbk
       - btrfs-progs
       - cryptsetup
       - gnupg

roles/users/tasks/btrbk.yml

@@ -0,0 +1,32 @@
+---
+- name: create group 'btrbk'
+  group:
+    name: btrbk
+    gid: 505
+
+- name: create user 'btrbk'
+  user:
+    name: btrbk
+    uid: 505
+    group: btrbk
+    home: /var/lib/btrbk
+    password: "*"  # disabled password but can be accessed with SSH
+    groups:
+      - wheel
+    append: true
+
+- name: make sure btrbk owns its home
+  file:
+    state: directory
+    path: /var/lib/btrbk
+    owner: brtrbk
+    group: brtrbk
+    mode: '2755'
+
+- name: commit btrbk's home to lbu
+  lbu:
+    include:
+      - /var/lib/btrbk
+    exclude:
+      - /var/lib/btrbk/.ash_history
+  when: ansible_distribution == "Alpine" and alpine_mode in ["diskless", "data"]